Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?
A.
The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.
B.
Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.
C.
The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.
D.
The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco ASA appliance interfaces.
E.
The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only support extended ACL.
Explanation:
C.
The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.
sort of “true-ish” …..the concept of wild-cards vs. net-masks goes deeper then this question implies or allows for.
…well it is a CCNA pool not a ccnp pool, so pointing out the Wildcards can create EXCLUSION as well as INCLUSION by the way it is formatted is likely too deep for this pool of questions.
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-1/user/guide/CSMUserGuide_wrapper/fwaccess.html
Understanding Access Rule Address Requirements
and How Rules Are Deployed
when TOOLS convert FOR YOU….which to me is MORE confusing and annoying then it just flashing a warning that tells you to LEARN THE CONCEPT of wildcarding and be aware of what you are applying.